Protection of Intellectual Property Rights related to Images

by Daniel Augot

One of the chalenges of the Aquarelle project is to protect the intellectual
property rights of the images collected as data. The adopted solution is
the technique of watermarking. This technology embeds information into
a given image, in such a way that relevant copyright information may be
retrieved later. This mark must be invisible in order to preserve image
quality and must be impossible to remove. Furthermore, the mark must be
robust enough to image manipulations and image compression, such that an
attacker is not able to destroy it.

The Aquarelle watermarking system was developed in cooperation between
Université catholique de Louvain (UCL) and INRIA. UCL provided
the watermarking and a verifying tool, while INRIA integrated the algorithms
and designed the functional model. The functional model has a key-importance
in the design of a watermarking system.

The model and its supporting software should enable to replace easily
the watermarking algorithm by another one when more robust methodologies
become available.

The algorithm that UCL provides to INRIA is mainly designed to ensure
invisibility of the watermark, and thus can be used to watermark high quality
images (not only vignettes or small images). It is also very resistant
to JPEG compression, random noise, blurring. The algorithm is parameterized
with a long key (80 bits), which is unique for each image to be watermarked.
The counterpart is that this algorithm only writes a single bit of information.

This algorithm was initially exploited through a functional model designed
for the EOLE project, a Belgium initiative to create a national distributed
photo-archive of artworks. In this model, a trusted third party (TTP) is
introduced, which performs watermarking of an image, and also the verification
of the mark. A copyright owner conveys an image to the TTP, who marks it
using a selector which is then stored in a local database, and sends it
back to the owner. For verification, an image may be submitted to the TTP,
who retrieves the relevant key, and checks the mark.

This model can be improved by separating the person who does the watermarking
action and the person who does the verification. In the Aquarelle functional
model, the owner of the image marks the image himself, and verification
is performed by the TTP. This leads to a protocol suite involving the Diffie-Hellman
protocol which enables two parties to share a secret over a communication
which is subject to eavesdropping. This protocol was already presented
in 1977 (before RSA) and is well known to cryptologists. At the practical
level, it offers the same security as RSA. We name this combination of
the Diffie-Hellmann exchange protocol and the watermarking action the DHWM
protocol (Diffie-Hellmann Water-Marking protocol), and provide a light
implementation of it, and of the TTP running the services.

A first advantages of the DHWM protocol is that two image transmissions
are no longer needed, and are replaced by a protocol in which a few hundred
bytes are exchanged between copyright-owners and the TTP. This clearly
improves bandwidth usage. A second advantage is that there is no need for
encrypting images, as would be the case in the EOLE model. This is very
important because of various government regulations on encryption in Europe.

The TTP is implemented as an HTTP server, which provides two main actions.
The first action is launched on request from a copyright-owner to receive
a valid key. The second action is launched on request from any user to
verify the mark on an image. On the copyright-owner side, a simple stand-alone
program is provided, which opens a connection to the TTP, receives the
corresponding key, and performs the watermarking. On the side of a user
requesting a verification, a powerful enough browser is needed, since the
user fills in an HTML form which launches the verifying operation on the
TTP side. There is no need for a special program, applets or plug-ins from
the user side. In this way, the verification service may be accessed by
anyone, although in an industrial installation, this functionality could
be restricted to some categories of users.